Identity Analytics: Clean and Maintain Your Data for Security Policy Compliance
- The Radiant Team
- September 13, 2023
- Brainwave GRC Archives
- 12 MIN READ
In today’s world of Zero Trust and the need for compliance with the internal security policies of organizations across the globe, one of the first areas to address is the gaps and anomalies linked to user access. Relying on identity analytics can be an essential way to make the first strides in tackling these issues which have become so pertinent to a cyber security strategy.
Data Quality: A Prerequisite For User Access Reviews and Identity Analytics
In general, it can be said that data quality around user access is relatively poor. Staffing changes linked to departures and inter-departmental reassignments are often undertaken without updating internal repositories and directories within the HR and/or IT departments. This means that people can leave a company and still have access to accounts that they used when they were working there. If someone has malicious intent, the use of his or her account after severing a professional relationship can open the door to hacking and other breaches. On a less critical level but equally as important are dormant and orphaned accounts that are left forgotten and hidden for a number of reasons. It is best to uncover and deactivate them to prevent risky issues in the future.
When data quality is poor, it can lead to errors in interpretation. Those with access can relate to the data in a completely different manner than someone else in the team who has the same access to it. This opens the door to putting security policies and regulations within the company in jeopardy. Of course, accidents do happen, and low data quality is not always intentional. The simple notion of digital transformation and ever-changing data landscapes can lend itself to quickly “degrading” quality across the enterprise.
Identity Analytics: How Did We Get Here?
If we take a closer look at how companies get themselves into this predicament, it is relatively easy to understand. First and foremost, the volume of data within an organization is monumental. The smallest of errors, such as a missed key stroke, can falsify the information within databases and other storage areas that can cause problems down the road. In fact, manual data entry is one of the most important reasons for poor data quality.
But what about repository drift? This happens when the manner in which objects are configured changes over time, resulting in inconsistencies. An example of this is when a security setting is changed in one part of the system but goes undocumented or is not applied to all areas of the system. Additionally, directories and repositories are disparate in nature, which can create discrepancies when doing any data-correlation processes.
The same goes for faulty naming conventions which sometimes can wreak havoc in a database for reasons of a capital letter or misplaced hyphen. Lastly, let’s not forget changes within the company that are not correctly documented within systems across the enterprise, such as HR data which is not transmitted or shared with technical teams who would need to update their own files accordingly.
Can We Fix It With Identity Analytics?
Luckily, tools like RadiantOne Identity Analytics can come to the rescue for many of these issues. To start with, one of its main functions is to create an access inventory. With this feature, it will be possible to know who has access to what resources at any time. Once the access inventory is created, all of the data regarding accesses and accounts linked to a particular identity will be correlated. This is a part of the clean-up process that gathers and relegates identity-related access to one spot. If there is any missing information, or if the information that has been correlated is inaccurate or incorrect, it can be enriched and updated so as to be pertinent and relevant for analysis.
All of these efforts serve one targeted purpose: to uncover quality issues that may exist in the access data in order to rectify and remediate them. Inaccurate data in any information system can open the door to all types of risk, but identity data is particularly sensitive, as it is often used by malicious employees and hackers to enter a company’s network through the back door by using the account of an unsuspecting user.
Identity Analytics: The Advantages of Clean Data
It probably doesn’t take a lot to understand the extreme importance of clean data in any information system. So many issues, including cyber risk and poor decision-making, can interfere with the smooth running of the organization’s daily business practices because of it.
Using a solution like RadiantOne Identity Analytics to improve the data quality to a point of perfection can help companies to:
- Prove compliance with security policies based on access
- Enhance IAM and IGA programs
- Minimize risk
- Reduce costs and increase ROI
Before starting any project or program, the data quality must be ascertained and, if needed, improved or corrected. No one wants erroneous results based on erroneous data. Remember the adage: junk in, junk out. No better statement applies to this case.
Identity Analytics: What Else Can It Do?
Many companies rely on the power of identity analytics to help with data quality, the first step in undertaking any project or program based on access. But what are the other strengths of the solution, and how can you get the most out of it?
Access Inventory
One of the very first things that we think of when it comes to identity analytics is a way to get a thorough understanding of each and every access which resides within our information systems. For this, the first task at hand is to create an access inventory. Once done, this inventory can lead the way to access mapping – learning who has access to what and how they got it.
As mentioned previously, it is imperative that data cleaning be done at the inventory level in order to provide accurate mapping results. This inventory and mapping then can aid in the creation of an identity catalog that contains accurate and up-to-date information regarding the data associated with access rights and permissions across the company.
Automation of Quality Controls
One of the key points of using an identity analytics solution is the fact that it can help control the quality of access data in an automated way.
Take the case of the Human Resources department. Every day, there are employees who join the company and others who leave. In either case, there are access rights and permissions, some linked to applications and others to shared folders or other data sources. How is all of this monitored? Are we sure that the person who left the company has had all of his access revoked? And if not, how can we be entirely sure that it will not lead to a risk of cyber-attack or fraud?
Radiant Logic’s Identity Analytics solution includes over 150 controls out of the box, controls for which user-friendly dashboards display results based on the data ingested into the tool. From these dashboards, managers can see if there are any risky situations, such as dormant or orphaned accounts or accounts still assigned to people who have left the company. Because of the risk ranking, the most problematic areas can be addressed immediately, substantially reducing the risk by correcting them as a top priority. If there are any questions or concerns, a 360° view of the troublesome accounts or identities can be accessed at the click of a button.
Analytics
It might seem that this aspect of identity analytics is the most obvious, but in reality, it could be seen as the most confusing. What is truly meant by the word “analytics” in the phrase “identity analytics?”
To start with, we have to go back to the crux of the issue which is, in fact, the identity. More specifically, we are referring to any access that an identity has to resources within an organization. Simply put, this would answer the question, “Who has access to what assets within the company?”
In seeking to respond to this question, one of the first things that comes to mind is the need to know of any anomalies, defects or gaps in the data linked to identity access. Are we sure that Person A should have read and write privileges to the payroll files? Why has Person B been added to the group that has privileged access to highly sensitive financial applications? And this dormant account is attributed to a person who left the company over three months ago. Not only do these problems have to become visible to those who monitor and manage access, but they have to be scored and ranked in order of importance. In this way, the riskiest gaps can be handled as a priority in the task list.
Another significant piece of identity analytics is its influence and expertise in providing analytics of a predictive nature. This means that an identity analytics solution is capable of suggesting future outcomes based on historical data modeling and mining techniques. Not only will an understanding of what happened in the past be made available, but an awareness of possible future issues and problems with previously unknown and potential risk can be brought to light.
An example of this is when complications regarding Segregation of Duties (SoD) are uncovered. Sally in the accounting department inadvertently has been given permission to not only write checks but also to sign those very checks. Whether she is aware of this conflict or not, it is easy to see that various systems internal to her company are offering her the opportunity to wreak havoc if she was of a malicious nature. Predicting the potential outcome of fraud or other forms of financial risk is one of the ways that identity analytics can be beneficial to organizations.
Lastly, identity analytics solutions can utilize machine-learning techniques to ingest, correlate and study identity data with the goal of bringing to the surface any anomalies, gaps or black holes. In doing so, there is an even deeper analysis of risk linked to identity, access and permissions that helps companies prevent all types of fraud and unwelcome breaches. When defects are found, corrective action and remediation suggestions are automatically put forward. Once rectified, decisions can be made based on accurate, up-to-date information that was, up to this point, unknown or masked within the information system. The result is a high level of compliance with internal security policies as well as time and cost savings which increase the overall return on investment.
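The correlation, out-of-the-box controls and risk ranking described in the sections above can be illustrated with a small script. The following is an added example written for this page; it is not Radiant Logic code and does not reflect how RadiantOne Identity Analytics is implemented. The HR feed, the account inventory, the toxic entitlement pair, the score table and the `admin:` prefix used to mark privileged entitlements are all constructed assumptions. It correlates each account with its HR identity, runs four controls (orphaned account, active account of a leaver, dormant account, Segregation of Duties conflict) and ranks the findings so the riskiest appear first:

```python
from dataclasses import dataclass
from datetime import date

# --- Constructed sample data (hypothetical; not from the article) ---
# HR feed, keyed by employee id. "status" is what HR believes today.
HR_IDENTITIES = {
    "e001": {"name": "Alice M.", "status": "active", "department": "IT"},
    "e002": {"name": "Bob K.", "status": "terminated", "department": "Finance"},
    "e003": {"name": "Sally R.", "status": "active", "department": "Accounting"},
}

# Account inventory collected from target systems. "owner" is the HR id the
# correlation step linked the account to (None when no rule matched).
ACCOUNTS = [
    {"account": "alice.m", "owner": "e001", "enabled": True,
     "last_login": date(2023, 9, 1), "entitlements": {"jira:user"}},
    {"account": "bob.k", "owner": "e002", "enabled": True,
     "last_login": date(2023, 5, 20), "entitlements": {"finance:read"}},
    {"account": "sally.r", "owner": "e003", "enabled": True,
     "last_login": date(2023, 9, 10),
     "entitlements": {"ap:create_payment", "ap:approve_payment"}},
    {"account": "svc_backup", "owner": None, "enabled": True,
     "last_login": date(2023, 1, 15), "entitlements": {"fileshare:rw"}},
    {"account": "old_admin", "owner": "e999", "enabled": True,
     "last_login": date(2023, 9, 12), "entitlements": {"admin:domain"}},
]

# Toxic pairs: holding both entitlements is a Segregation of Duties conflict.
SOD_RULES = [("ap:create_payment", "ap:approve_payment")]

# Base risk per control; privileged entitlements add a fixed bump so an
# orphaned admin account outranks an orphaned file-share account.
BASE_SCORE = {"leaver_active": 90, "sod_conflict": 80, "orphaned": 60, "dormant": 40}
PRIVILEGED_PREFIX = "admin:"   # assumed naming convention for privileged rights
PRIVILEGED_BONUS = 20
AS_OF = date(2023, 9, 13)      # constructed analysis date


@dataclass
class Finding:
    score: int
    account: str
    control: str
    detail: str


def is_privileged(entitlements):
    return any(e.startswith(PRIVILEGED_PREFIX) for e in entitlements)


def score(control, entitlements):
    return BASE_SCORE[control] + (PRIVILEGED_BONUS if is_privileged(entitlements) else 0)


def run_controls(accounts, hr, as_of, dormant_days=90):
    """Correlate each account with HR and emit one Finding per failed control."""
    findings = []
    for acct in accounts:
        name, ents = acct["account"], acct["entitlements"]
        owner = hr.get(acct["owner"]) if acct["owner"] else None

        # Orphaned: nothing in HR explains who is responsible for this account.
        if owner is None:
            findings.append(Finding(score("orphaned", ents), name, "orphaned",
                                    f"owner {acct['owner']!r} not found in HR"))
        # Leaver: HR says terminated, but the account is still enabled.
        elif owner["status"] == "terminated" and acct["enabled"]:
            findings.append(Finding(score("leaver_active", ents), name, "leaver_active",
                                    f"{owner['name']} has left but account is enabled"))

        # Dormant: enabled but unused for longer than the threshold.
        idle = (as_of - acct["last_login"]).days
        if acct["enabled"] and idle > dormant_days:
            findings.append(Finding(score("dormant", ents), name, "dormant",
                                    f"no login for {idle} days"))

        # SoD: the same account holds both halves of a toxic pair.
        for left, right in SOD_RULES:
            if left in ents and right in ents:
                findings.append(Finding(score("sod_conflict", ents), name, "sod_conflict",
                                        f"holds both {left} and {right}"))
    return findings


def rank(findings):
    """Highest risk first; ties broken deterministically so reports are stable."""
    return sorted(findings, key=lambda f: (-f.score, f.account, f.control))


def demo():
    return rank(run_controls(ACCOUNTS, HR_IDENTITIES, AS_OF))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.score:3d}  {f.account:<11} {f.control:<14} {f.detail}")
```

Running it lists Bob's still-enabled leaver account first, then the orphaned privileged account and Sally's create/approve conflict, with the dormant findings at the bottom. Note that one account can fail several controls (Bob's account is both a leaver account and dormant); reporting each control separately keeps the evidence traceable, while the ranking decides which item the review owner handles first.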
Identity Analytics and the User Access Review
Another key feature of any identity analytics platform is typically the functionality related to performing user access reviews. Campaigns of this nature are very often required by regulations and standards such as Sarbanes-Oxley (SOX), SOC1/2, HIPAA, ISO27001 and the like. Simply stated, it means that a company must be able to produce data and reports that show who has access to what, when they got it, who authorized it and what they do with the information to which they have access. As can be easily understood, this information, often requested by auditors, helps a company prove compliance with its internal as well as external security policies. Additionally, it is an essential way of highlighting any underlying risk which could be lurking in the information systems.
Surprisingly, many companies of all sizes are still doing user access reviews in a manual fashion. They are described by review owners as tedious and time-consuming and are the bane of many who are unmotivated or downright averse to performing them, often on a monthly or quarterly basis. Managers in charge of reviews, approvals or remediation activities often consider that this is not part of their “day job,” and for this reason, it is quite common for reviews to be only half-completed or not finished at all. This, in turn, creates the compliance and risk problems that were mentioned previously.
The key reasons for what some refer to as “review fatigue” are:
- A voluminous amount of data to be reviewed
- Difficulty with the coordination of supporting tasks
- Hard to motivate the review teams due to miscomprehension of technical data
- Reviews frequently not finalized
Additionally, those who manage and perform user access reviews feel that they do not always get an exhaustive view of all of the access. This can also include accounts with sensitive or privileged access. There are concerns that the dashboards and reporting provided by the analytics solution are limited regarding follow-up and follow-through and do not lend themselves to communicating with upper management about the progress and the results of the review. At times the data is not current, which leads to situations, access and accounts having to be reviewed over and over.
When it comes to the choice of a solution, it is important to understand whether or not it will help to facilitate decision-making based on the results of the review. This is because there are times when contextual information is missing, such as information from the HR department, technical details or the responsibilities and job functions of the identities being reviewed. Furthermore, if the tool is complex and unwieldy, it is seen by reviewers as being too difficult to use. If it is not utilized in the correct manner, the risks linked to the identities being analyzed are not uncovered. Atypical situations, anomalies and gaps are difficult to highlight with tools that are presumed to be ineffective.
RadiantOne Identity Analytics Does the Job
Luckily, there is a solution on the market that is well-known and praised for the precision with which it handles user access reviews. Its strength lies in these 4 key areas:
- The collection and correlation of any type of data from disparate sources
- The user-friendliness that leads to efficient and fact-based decision-making
- Automated, time-saving methods that handle a significant amount of employee and resource data
- Proof of compliance based on continuous monitoring
The value proposition of doing user access reviews with Radiant Logic Identity Analytics is three-fold: review assistance, gap management and proven compliance.
Review Assistance
One of the biggest complaints about doing user access reviews, especially those that are done manually, is that there is little to no outside help in being successful when performing them.
With Radiant Logic Identity Analytics, the entire process of doing periodic access reviews is streamlined and automated. The preparation and launching of the review process is easy and effective, and once implemented, the solution can return results in as little as four to six weeks. The solution itself is ergonomic in nature and can interface seamlessly with sources of data that are needed to perform the reviews. Very often, out-of-box connectors are readily available in Radiant Logic’s Marketplace, making it even simpler to ingest data into the platform. Decision-making based on remediation suggestions from the tool itself is quick and easy and based on control and gap analysis.
Gap Management
In order to stay on top of any defects or gaps in the identity analysis, Radiant Logic’s solution automates the continuous monitoring of access rights. This is done with a series of snapshots of the state of the data at any given time. Every time a review is performed, a snapshot is taken of the data and kept in the history banks to provide a continual look at the evolution of the access data over time. Auditors are especially pleased with this aspect of the tool, as results of any given review are captured, logged and stored should any unusual situation occur in the future.
By doing this continuous monitoring, gaps and anomalies are uncovered and shown to the review manager by use of the integrated dashboards. They are also scored and ranked with regard to the level of risk that they pose. This helps the review owners to target the situations of highest risk, reducing any issues that could cause auditors to throw up red flags with regards to compliance.
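The snapshot-based continuous monitoring described above can be shown with a small diff routine. This is an added example for this page, not Radiant Logic's code, and it says nothing about how RadiantOne stores its history; the two snapshots (account to entitlement sets captured at two successive campaigns), the campaign labels and the evidence record format are constructed assumptions. It computes what changed between two snapshots, so a reviewer only has to look at new grants rather than re-reviewing everything, and wraps the delta in a hashed record that can be kept as audit evidence:

```python
import hashlib
import json

# Constructed snapshots (hypothetical): account -> set of entitlements,
# captured at two successive review campaigns.
SNAPSHOT_Q2 = {
    "alice.m": {"jira:user"},
    "bob.k": {"finance:read"},
    "sally.r": {"ap:create_payment"},
}
SNAPSHOT_Q3 = {
    "alice.m": {"jira:user", "admin:domain"},
    "sally.r": {"ap:create_payment", "ap:approve_payment"},
    "svc_backup": {"fileshare:rw"},
}


def diff_snapshots(before, after):
    """Return accounts and (account, entitlement) grants added or removed."""
    before_accts, after_accts = set(before), set(after)
    delta = {
        "accounts_added": sorted(after_accts - before_accts),
        "accounts_removed": sorted(before_accts - after_accts),
        "grants_added": [],    # grants present in `after` but not in `before`
        "grants_removed": [],  # grants present in `before` but not in `after`
    }
    # Accounts present in both snapshots: compare their entitlement sets.
    for acct in sorted(before_accts & after_accts):
        for ent in sorted(after[acct] - before[acct]):
            delta["grants_added"].append((acct, ent))
        for ent in sorted(before[acct] - after[acct]):
            delta["grants_removed"].append((acct, ent))
    # A brand-new account brings every one of its entitlements as a new grant.
    for acct in delta["accounts_added"]:
        for ent in sorted(after[acct]):
            delta["grants_added"].append((acct, ent))
    return delta


def review_scope(before, after):
    """What this campaign must actually review: only grants new since last time."""
    return diff_snapshots(before, after)["grants_added"]


def evidence_record(campaign, delta):
    """Audit evidence: canonical JSON of the delta plus its SHA-256 digest,
    so a stored result can later be shown to be unaltered."""
    payload = json.dumps({"campaign": campaign, "delta": delta}, sort_keys=True)
    return {
        "campaign": campaign,
        "payload": payload,
        "digest": hashlib.sha256(payload.encode("utf-8")).hexdigest(),
    }


if __name__ == "__main__":
    delta = diff_snapshots(SNAPSHOT_Q2, SNAPSHOT_Q3)
    for key, value in delta.items():
        print(f"{key}: {value}")
    print(evidence_record("2023-Q3", delta)["digest"])
```

In the constructed data the delta shows Alice gaining a domain-admin right, Sally gaining the approval right that completes her Segregation of Duties conflict, a new service account, and Bob's account disappearing (consistent with a leaver being cleaned up). Diffing consecutive snapshots this way is what turns a series of point-in-time reviews into a view of how access evolves over time.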
Perhaps the most convenient aspect of Identity Analytics is its ability to interface directly with third-party ticketing systems such as ServiceNow or Jira. Any remediation suggestions or corrective actions that need to be acted upon can be loaded without human intervention, and the follow-up of these remediations can also be automated to ensure that they have been completed. In the event a ticket system is not included in the process of managing a company’s access, automated emails can be launched and directed to the pertinent personnel in the IT department responsible for handling these changes.
Proven Compliance
RadiantOne Identity Analytics provides a feature that manual access reviews cannot: quickly and effectively responding to auditor questions when compliance with security policies is called into question. Because the processes are automated, responses and reporting are quasi-instantaneous. Additionally, the reports in PDF format are greatly appreciated as a third-party support to proving compliance as, with manual reviews and spreadsheets, human errors can be rampant and cause inconsistent and erroneous review results. In addition to providing answers to auditors, the reports that are created in just one click can also be used to help prove compliance with regulations such as Sarbanes-Oxley, SOC1/2, HIPAA and ISO27001.
Identity Analytics is a Key Component of Your Cybersecurity Strategy
This article highlights and shares the many reasons why identity analytics is crucial in facing and handling issues and problems that are faced when considering a cyber security strategy within an organization. Many breaches and fraudulent acts can be narrowed down to one source of data: access related to identities. Access-related data is spread throughout a company’s information systems and can be hidden, forgotten or just hard to find or categorize. If this access is not analyzed and monitored in an on-going and systematic manner, it is very hard to prove compliance with both internal and external security policies and regulations. Risks based on identity data as well as controls to uncover, score and rank these risk levels are crucial to maintaining a posture of cyber-security readiness and alertness. By using a solution such as RadiantOne Identity Analytics, knowing who has access to what and if the access is accurate, approved and legitimate is easy, effective and painless.